Wannabe does self in via loopbackurban legend?
A colleague sent me a link this morning to an alleged IRC log of a conversation with a wannabe cracker who, supposedly, did himself in via the loopback (no, I'm not posting it. Assuming you want to see one of these, feel free to Google it, but it sounds like the poor buggers are having bandwidth issues with everyone jumping on it this morning)... You might have heard this one before (hell, you mighta even seen the strip on User Friendly). Important part of the conversation goes something like:
For anyone who doesn't get the joke (and I suppose such folk do exist), 127.0.0.1 is the loopback address. You send anything into your IP stack destined for that address, it's gonna come right back atcha. So, theoretically at least, whatever the wannabe was using, he just used it on himself.
Now, I'm amused by this story. It has such a perfect cartoon quality about it. It's pretty much the same thing as in the old Warner Brothers bitsBugs saying to Elmer Fudd, 'oh, no no no... you've got it backwards, bub! Let me help you, there,' and turns around the shotgun. Fudd says, sincerely and gratefully, 'G'g'g'gee, thanks! S'say s'say your pwayers, wabbit!'... and blows his own head off...
But I also find it pretty hard to believe.
It's not, actually, the notion that the wannabe might not know the loopback address when he sees it. Yes, there is a whole class of characters playing with these tools whose knowledge of networking is pretty rudimentarya whole class of characters who mostly get by on downloading those tools from folk who know the bits a lot better. So yes, theoretically, you might get one stupid enough actually to take that bait... And no, it's not the notion that that's essentially what would happen if they did. Probably, it would work, provided the tool really was effective against the system in question. Particularly if it were some obvious denial of service thing, it would probably be better than twice as effective as usual, since the machine would be doing both the work of attacking and defending, simultaneously, and the malicious packets might be going through a lot less medicine on the defending end, depending on the OS and setup.
My problem is more with the overall narrative. I mean, let's get this straight: the wannabe asks the intended target what IP to attack (seems unlikely they'd expect to get an answer)... after which the intended target just cheerily gives them the address, and the wannabe isn't a bit suspicious?
Hard to buy, I gotta say.
Still, pretty funny.
Wannabe: That's it! You're going down! What's your IP?After which, of course, the trash-talkin' yutz disappears from IRC, as his allegedly deadly hacking tool apparently turns his own machine into a smouldering ruin, and it gets a mite too busy to keep up with talking to the IRC servers...
Bemused intended target: 127.0.0.1.
Wannabe: Watch this, sucker!...
For anyone who doesn't get the joke (and I suppose such folk do exist), 127.0.0.1 is the loopback address. You send anything into your IP stack destined for that address, it's gonna come right back atcha. So, theoretically at least, whatever the wannabe was using, he just used it on himself.
Now, I'm amused by this story. It has such a perfect cartoon quality about it. It's pretty much the same thing as in the old Warner Brothers bitsBugs saying to Elmer Fudd, 'oh, no no no... you've got it backwards, bub! Let me help you, there,' and turns around the shotgun. Fudd says, sincerely and gratefully, 'G'g'g'gee, thanks! S'say s'say your pwayers, wabbit!'... and blows his own head off...
But I also find it pretty hard to believe.
It's not, actually, the notion that the wannabe might not know the loopback address when he sees it. Yes, there is a whole class of characters playing with these tools whose knowledge of networking is pretty rudimentarya whole class of characters who mostly get by on downloading those tools from folk who know the bits a lot better. So yes, theoretically, you might get one stupid enough actually to take that bait... And no, it's not the notion that that's essentially what would happen if they did. Probably, it would work, provided the tool really was effective against the system in question. Particularly if it were some obvious denial of service thing, it would probably be better than twice as effective as usual, since the machine would be doing both the work of attacking and defending, simultaneously, and the malicious packets might be going through a lot less medicine on the defending end, depending on the OS and setup.
My problem is more with the overall narrative. I mean, let's get this straight: the wannabe asks the intended target what IP to attack (seems unlikely they'd expect to get an answer)... after which the intended target just cheerily gives them the address, and the wannabe isn't a bit suspicious?
Hard to buy, I gotta say.
Still, pretty funny.